Logparser error when used with PowerShell

Question

I\'m trying to use Log Parser within PowerShell to export a Windows Evtx log file to CSV:

$logparser = \"c:\\program files (x86)\\Log Parser 2.2\\logparser.exe\"         


        

Answer 1

You need to preserve the double quotes around the query string, otherwise it won't be recognized as a single argument by the spawned process.

Putting the query string (with double quotes) in single quotes might work:

$allArgs = '"SELECT * INTO c:\logs\logs.csv FROM c:\logs\logs.evtx"',
           "-i:evt",
           "-o:csv"

However, a much simpler solution to the problem would be to avoid Start-Process entirely and use the call operator (&) instead:

$logparser = "c:\program files (x86)\Log Parser 2.2\logparser.exe"
$query = "SELECT * INTO c:\logs\logs.csv FROM c:\logs\logs.evtx"

& $logparser -i:evt -o:csv $query